Job Description

We are looking for a Cybersecurity Engineer with hands-on experience in Vulnerability Assessment and Penetration Testing (VAPT), Web & Network Security, Cloud Security, and Reconnaissance (Recon) techniques. The ideal candidate should be proficient with Burp Suite, security reconnaissance tools, and other cybersecurity solutions while also being familiar with industry-standard security frameworks and compliance requirements. The role involves identifying vulnerabilities, securing applications and networks, conducting reconnaissance for security assessments, monitoring security incidents, and ensuring compliance with industry standards. Key Responsibilities: 1. Reconnaissance & Information Gathering • Perform passive and active reconnaissance to gather target information. • Utilize tools like Amass, Subfinder, Assetfinder, Shodan and Google Dorking. • Perform OSINT (Open-Source Intelligence) analysis using sources like WHOIS, DNS enumeration, and certificate transparency logs. • Identify exposed assets, subdomains, and data leaks for security assessments. 2. Vulnerability Assessment & Penetration Testing (VAPT) • Conduct Web Application, API, and Network penetration testing. • Use Burp Suite, OWASP ZAP, Acunetix, Nessus, and Metasploit for security testing. • Perform manual and automated security assessments to detect OWASP Top 10 risks and other vulnerabilities. • Generate detailed security reports with risk analysis and remediation recommendations. 3 . Network & Cloud Security • Perform network security assessments using Nmap, OpenVAS, Wireshark, and Snort. • Conduct firewall audits, VPN security analysis, and network hardening. • Secure cloud environments (AWS, Azure, Kubernetes) with Prisma Cloud, Aqua Security, Qualys, and Sysdig Secure. 4. Cybersecurity Monitoring & Incident Response • Work with SIEM tools (Splunk, ELK, CrowdStrike, Darktrace) for log monitoring and anomaly detection. • Investigate security incidents and threats using MITRE ATT & CK, VirusTotal, ThreatConnect. • Perform forensic analysis and develop remediation strategies. 5 . Compliance & Risk Management • Ensure compliance with OWASP, NIST, ISO 27001, CIS Benchmarks, PCID SS, GDPR. • Conduct security audits, risk assessments, and vulnerability management. • Develop and implement security policies and best practices for the organization. Required Skills & Tools: Recon & Information Gathering: • Shodan, FOCA, Google Dorking, WHOIS, OSINT tools Application & Web Security: • Burp Suite Pro, OWASP ZAP, Acunetix, WAFs (Cloudflare, AWS WAF, ModSecurity) Network Security: • Nmap, Nessus, OpenVAS, Wireshark, Metasploit Pro, Snort, Firewalls,V PNCloud Security DevSecOps • Azure Security Center, AWS Security Hub, Kubernetes Security (Kube-bench, Falco), Prisma Cloud, Aqua Security, Qualys Security Frameworks & Compliance: • OWASP Top 10, NIST, CIS Benchmarks, ISO 27001, GDPR, PCI DSS,M ITRE ATT & CK Threat Intelligence SIEM Tools: • Splunk, CrowdStrike Falcon, VirusTotal, ThreatConnect, MISP Preferred Certifications (Optional but beneficial): • CEH (Certified Ethical Hacker) • OSCP (Offensive Security Certified Professional) • CompTIA Security+ • AWS Security Specialty / Azure Security Engineer Associate Soft Skills: Strong analytical and problem-solving skills Ability to work independently and collaborate with teams Excellent communication skills for reporting security findings Interested? Apply now or drop your resume at apin.lal@gadgeon.com